Working from home: how to deal with the cybersecurity challenge
Since the COVID pandemic swept across the world, more workers than ever before have begun working remotely. While this may have resulted in an improvement in quality of life for some employees, who are now spending more time with their families and less on packed commuter trains, it has also increased the risk of cybersecurity breaches.
Online platforms such as Teams are now key to keeping colleagues connected; vast quantities of potentially sensitive data are being shared over the internet; and many employees are using personal computers and telephones to work from home. In a recent poll of US companies, more than a third of senior technology executives surveyed said that cybersecurity risks have increased, while experts say the true level of the hacking risk is likely much higher than we realize.[1]
The future evolution of the virus may be unknown, but one thing is sure: the need to work remotely and its accompanying risks are not going away any time soon.
Cybersecurity in a time of COVID
The more networks and systems a business uses, the greater its “attack surface”, and the harder it is to ensure cybersecurity. The use of virtual environments is crucial to providing capacity and flexibility for remote working, but this means companies have to rely heavily on the cloud, which renders the traditional physical perimeter security solutions that protected critical applications in the past completely ineffective. Trusting employees to use their own devices can also create issues, as not everyone will have the same awareness of the need for firewalls, intrusion detection, and antivirus software.
One of the biggest cybersecurity threats comes from one of our most basic office tools: email. Since the beginning of the pandemic, there has been an uptick in business email interruptions, including incidents where accounts have been hacked through phishing scams. In one scam, hackers send a company’s client a fraudulent invoice, supposedly from a legitimate worker, with the wiring instructions changed so that the money transferred goes into the hacker’s account. By the time the company realizes what has happened, the money is gone, and there is usually no way to recover it.[2]
Practicing good data hygiene
Companies also need to consider the potential threat to data privacy. The GDPR and other data privacy laws require organizations to ensure that personal data remains protected and is processed correctly even when handled remotely. Under the GDPR, what constitutes a personal data breach extends to accidental incidents such as the loss of data due to misplaced documents or a damaged flash drive.[3] The risk of accidents is obviously increased when working from home.
Preventing exposure
Businesses can protect themselves from cybersecurity issues by implementing an information security management system compliant with an internationally recognized standard such as ISO 27001. The standard helps organizations strengthen data security and mitigate the risk of data breaches. It addresses asset management, operational security, access control, incident management, human resource security and physical security. By following the best practices laid out in ISO 27001, companies can tackle security risks, protect sensitive data, and manage their security programs.
With the end of COVID nowhere in sight, companies must accept that remote working is fast becoming the new norm, with many employees even enjoying its benefits. Organizations must react quickly to address risks, raise awareness among employees, and protect the information technology systems that are now crucial to business continuity.